WannaCry Ransomware Links To A North Korean Group, Experts Claim

Two security firms have suggested that the WannaCry ransomware is linked to a cyber gang called the Lazarus Group. The group is known to be based in the rogue nation North Korea.

In an article published in Wired, security firms Kaspersky and Symantec both concluded last Monday that the technical details they found in an early version of the WannaCry ransomware code are similar to the code that used by North Korean hackers in attacking the Sony Pictures after making the movie "The Interview," the movie that mocks their Supreme Leader King Jong-Un. The code was also similar with the code used in the $81 million heist on a Bangladeshi bank back in 2016.

Besides the WannaCry ransomware code, the Lazarus Group was previously linked with various use and targeting of BitCoin in its hacking operations. The similarities were first viewed by Neal Mehta, a Google security researcher. The conclusion is also the same with other researchers like Matthieu Suiche from Comae Technologies, a UAE-based company.

"We believe it's important that other researchers around the world investigate these similarities and attempt to discover more facts about the origin of WannaCry," Kaspersky Lab said about the WannaCry ransomware in their blog post. They also pointed out that the early days of the Bangladesh bank attack already showed some signs of a usual Lazarus group attack. Over time, the researchers found more evidence to pinpoint the North Korean cyber gang.

Kaspersky added that their research teams have been studying the group behind the WannaCry ransomware for years now. Last April, they published a detailed information, exposing on how the group does their modus operandi.

They added that the level of sophistication the Lazarus Group does with WannaCry ransomware and other activities is not generally found in the cybercriminal world as it is something that would require strict organization and control at all stages of operation. That's why we think that Lazarus is not just another advanced persistent threat actor," Kaspersky said.

Currently, the WannaCry ransomware attack has hit more than 200,000 computers in over 150 countries. This resulted in hospitals, governments, and businesses crippling and having the inconvenience.